Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Nested Tunnel - Tunnel inside Tunel

Hi, am wondering whether Cisco supports Nested tunneling?! i mean Tunnel inside Tunnel ( IPSec - 3DES). Any body has got any idea?

Host A --> RouterA --> Concentrator 3030 -->PIX515 -->RouterB -->HostB

The Outer Tunnel is between Concentrator 3030 and PIX515 and the Inside Tunnel is between RouterA and Router B.

6 REPLIES
Community Member

Re: Nested Tunnel - Tunnel inside Tunel

I don't know whether it is "supported", but it can be done.

We do it for encapsulating IPX through our VPN connections.

Just make sure you have matching 12.0 or later IOS on the routers. We had some problems with older versions and version mismatches.

Bronze

Re: Nested Tunnel - Tunnel inside Tunel

It is possible.. A lot of ppl do that for GRE and IPSEC tunnels

Community Member

Re: Nested Tunnel - Tunnel inside Tunel

Could you please explain... I tried it but the tunnell is not getting established between Router A and Router B when i try to pass through the VPN concentrator and PIX's tunnel.

noc
Community Member

Re: Nested Tunnel - Tunnel inside Tunel

yes cisco supports this.. see this link for

ideas

http://www.cisco.com/warp/public/707/index.shtml

bottom line is im fairly sure any IP traffic (ESP, etc) will work over a tunnel (providing you are not filtering anything on the outer tunnel)

Community Member

Re: Nested Tunnel - Tunnel inside Tunel

The concentrator does not seems to be passing the trafic when i initiate the tunnel from Router A side though i configured to allow all traffic.(My privte interface (internal) filter is any any..) Do you have any ideas?!!

Community Member

Re: Nested Tunnel - Tunnel inside Tunel

Finally I found a solution for this problem with a help of Cisco TAC. VPN 3060 does not pass IPSec traffic through inside interface. But when we tried with Cisco Router, it worked fine. Cisco says that, in theory VPN 3060 suppose to work in my scenario, however it didn’t. I hope Cisco will come out with a Solution. ( I don’t know whether it is a bug or not?!!)CISCO! PLEASE MAKE AN ATTENTION TO THIS...

1038
Views
0
Helpful
6
Replies
CreatePlease to create content